Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workplaceresource parameter to system/workplace/locales/en/help/index.html, (3) path parameter to system/workplace/views/admin/admin-main.jsp, (4) mode parameter to system/workplace/views/explorer/explorer_files.jsp, or (5) query parameter in a search action to system/modules/org.opencms.workplace.help/elements/search.jsp.
Metrics
Affected Vendors & Products
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2015-2444 | Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters |
 Github GHSA |
GHSA-6c8c-f2w2-jvjr | Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T05:10:16.167Z
Reserved: 2015-03-19T00:00:00
Link: CVE-2015-2351
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2015-03-19T14:59:03.663
Modified: 2025-04-12T10:46:40.837
Link: CVE-2015-2351
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses